US plan aimed at keeping China out of US networks

WASHINGTON 
The White House cybersecurity executive order, to be unveiled Wednesday by President Barack Obama's top security officials, will be the most comprehensive plan yet for confronting electronic attacks on America's computer networks, or at least a good-faith effort amid an alarming tide in industrial espionage in the past year that experts blame mostly on China.

The strategy is expected to urge businesses to enforce tougher standards to protect online commerce and direct U.S. intelligence agencies to share even classified threat data with companies considered vital to the U.S. economy, such as transportation and banking.

While symbolic, the plan leaves practical questions unanswered: Should a business be required to tell the government if it's been hacked and U.S. interests are at stake? Can you sue your bank or water treatment facility if those companies don't take reasonable steps to protect you? And if a private company's systems are breached, should the government swoop in to stop the attacks - and pick up the tab?

The process has exposed how difficult and complex the issue is, turning the long-awaited executive order into a bureaucratic scramble aimed at showing countries like China and Iran that the U.S. takes seriously the protection of consumer secrets. It's been an intensive effort by White House staff and industry lobbyists wary of government intervention but fearful about their bottom line.

"I think in general it means (the U.S.) will advance the case of cybersecurity, and that's important," said Paul Smocer, the head of the technology policy division at The Financial Services Roundtable, a powerful lobbying group that represents the nation's biggest banks. "How much teeth versus how much gum there is, we'll see."

The cyberthreat to the U.S. has been heavily debated since the 1990s, when much of American commerce shifted online and critical systems began to rely increasingly on networked computers. Security experts began to warn of looming disaster, including threats that terrorists could cut off a city's water supply or shut down electricity. But what's emerged in recent years, according to cyber experts, is the constant pilfering of America's intellectual property by U.S. competitors.

"We have, as the U.S. government, set up lawn chairs, told the burglars where the silver is in the bottom drawer, and opened up the case of beer and watched them do it," Rep. Mike Rogers, the Republican chairman of the House intelligence committee, told CBS' "Face the Nation" this week.

The U.S. has been preparing a new intelligence estimate that details cyber espionage as a growing economic problem. One official told the Associated Press last week that the estimate was expected to cite more directly a role by the Chinese government and favor aggressive action against the Chinese government. The official was not authorized to discuss the classified report and spoke only on condition of anonymity.

Richard Clarke, a former White House cybersecurity adviser during the Clinton administration, said that executive orders and intelligence estimates aside, the U.S. in 15 years of debate on the subject still hasn't answered the very practical questions of who exactly is in charge of stopping a cyberattack on commercial networks and at what point the government should deploy its own resources.